gecko-dev

Граф коммитов

Автор	SHA1	Сообщение	Дата
David Keeler	47263aefb3	bug 1349762 - handle two GlobalSign EV root transfers r=Cykesiopka,jcj (adapted from bug 1349762 comment 0) Google Trust Services (GTS) recently purchased two roots from GlobalSign that are both enabled for EV treatment: "GlobalSign Root CA - R2" and "GlobalSign ECC Root CA - R4". However, GTS does not have an EV audit, so we are going to turn off EV treatment for both of those root certificates. But "GlobalSign Root CA - R2" has intermediate cert "GlobalSign Extended Validation CA - SHA256 - G2" that continues to be controlled by GlobalSign, to be used to migrate their customers off dependence on that root. This patch removes EV treatment for "GlobalSign ECC Root CA - R4". It also removes EV treatment for all chains rooted in "GlobalSign Root CA - R2" unless the "GlobalSign Extended Validation CA - SHA256 - G2" intermediate is in the chain. MozReview-Commit-ID: Ej9L9zTwoPN --HG-- extra : rebase_source : 575f1a48646cf728d879d0cf53c888654e4a32ad	2017-04-03 17:17:38 -07:00
David Cook	7d4c71cc9c	Bug 1115718 - Check for empty issuer name in mozilla::pkix; r=keeler MozReview-Commit-ID: 6Ymgo7dQE7b --HG-- extra : rebase_source : 54ee27fd46c2139125a40deabb11a6aca04c84bc	2016-07-28 20:36:18 -05:00
Sergei Chernov	21be681857	Bug 1284256 - Certificate Transparency - verification of Signed Certificate Timestamps (RFC 6962); r=keeler, r=Cykesiopka MozReview-Commit-ID: IgcnyBH4Up --HG-- extra : transplant_source : %98%A3%5E%B4%DA%89qI1%01A%F8%FF%C7%1FS%D4%23v%B3	2016-07-05 08:35:06 +03:00
David Keeler	c17f3a2733	bug 982932 - only allow Netscape-stepUp to be used for serverAuth for old CA certificates r=Cykesiopka,jcj MozReview-Commit-ID: 88JhIU1pUji --HG-- rename : security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec rename : security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC.pem.certspec => security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec extra : rebase_source : 2f6251679a6f31cccb6d88bb51c567de9cc9bc76	2016-05-05 16:11:11 -07:00
Mark Goodwin	31adb1a5c5	Bug 901698 - Implement OCSP-must-staple; r=keeler	2015-11-13 16:49:08 +00:00
Richard Barnes	990593f9cf	Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler	2015-09-11 14:52:30 -04:00
Jacek Caban	b15946229a	Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith	2015-09-09 14:16:59 +02:00
Ryan VanderMeulen	c7fdbe4d0f	Backed out changeset 982be1bbebdf (bug 1199624) for Windows bustage.	2015-08-30 17:09:09 -04:00
Jacek Caban	c8309c6328	Bug 1199624 - Don't use memset and memcmp in files that don't include cstring explicitly. r=briansmith	2015-08-29 07:59:00 -04:00
Mark Goodwin	91782dab68	Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler)	2015-07-09 07:22:29 +01:00
Cykesiopka	0a9aea4ab2	Bug 1145679 - Reject EV status for end-entity EV certs with overly long validity periods. r=keeler --HG-- extra : rebase_source : ec44bb566cce8ab14f740457d6ba1d863b39c256	2015-06-29 22:19:00 +02:00
David Keeler	4e7fc3055e	bug 1141189 - implement skipping expensive revocation checks (OCSP fetching) for short-lived certificates r=rbarnes	2015-04-06 16:10:28 -07:00
Brian Smith	06b7804e70	Bug 1131767: Prune away paths using unacceptable algorithms earlier, r=keeler --HG-- extra : rebase_source : 79efad2c5f60120ff1022547ce7efa628a7acd0f	2015-02-14 16:59:02 -08:00
Brian Smith	27cb600f2f	Bug 1077864, Part 2: Override the trust level for OCSP response signer certs so that they are never considered trust anchors, r=keeler --HG-- extra : rebase_source : d0c599f7fc29b5fbcb7d8cd97980a3f39d39f515	2015-02-14 15:59:38 -08:00
Brian Smith	bdb4294871	Bug 1077864, Part 1: Check consistency of certificates' signature and signatureAlgorithm fields, r=keeler --HG-- extra : rebase_source : 9a2ca8cb370169f675557987a6b1cc0dedb24ff6	2015-02-22 16:59:03 -08:00
Cykesiopka	47f24e15e4	Bug 1097622 - Return ERROR_INVALID_TIME when decoding invalid time values. r=dkeeler	2015-02-18 15:56:00 -05:00
Brian Smith	b0f87b9b6c	Bug 1122841, Part 2: Centralize checking of public key, r=keeler --HG-- extra : rebase_source : 6b41ad2d3f37bead8d3ac8b48c5ee0b8063c795b extra : source : d470b5a68bf915cfb12f0e948e1492463092883c	2015-02-02 16:17:08 -08:00
Brian Smith	a4ceeff7d4	Bug 1128413, Part 1: Fix switch-related warnings, r=mmc --HG-- extra : rebase_source : 3d70c2a4ae8f9705a8a2c56c2f49e50fe4711ea9	2015-02-02 14:21:27 -08:00
Cykesiopka	eb24c24fb9	Bug 968560 - Return distinct error codes for certificates that are not valid yet, in mozilla::pkix. r=keeler --HG-- extra : rebase_source : de63f37cdef477d96c1aef8253feca7013ba3bfd	2015-02-06 11:18:20 -08:00
Brian Smith	2968c94831	Bug 1114703: Remove mozilla::pkix's polyfill for std::bind, r=mmc --HG-- extra : rebase_source : 11457f210c7f7534db2e6ebe1a8328985ff6d8b0	2015-01-21 04:00:40 -08:00
Brian Smith	7dd909b9e5	Bug 970542, Part 5: New name constraint implementation, r=keeler, r=mmc --HG-- extra : rebase_source : 849161ac892b05e5ff2d5552c632fc647d309085	2014-10-18 15:38:42 -07:00
David Keeler	0a4f56b330	bug 1042889 - use a separate error for untrusted x509v1 certificates used as CAs r=briansmith	2014-10-15 10:38:51 -07:00
David Keeler	06b4f5bba9	bug 1060929 - mozilla::pkix: allow explicit encodings of default-valued BOOLEANs for compatibility r=briansmith	2014-09-22 09:26:10 -07:00
David Keeler	a250e4de47	bug 1057123 - mozilla::pkix: allow end-entity certificates to assert keyCertSign in some cases r=briansmith	2014-09-03 10:12:55 -07:00
Brian Smith	ede2da1dd5	Bug 1057791: Switch PR_ASSERT to assert in pkixcheck.cpp, r=keeler --HG-- extra : rebase_source : a63e822eed9914046127c466f7e5c4f0e3e84361 extra : histedit_source : fc9d16f67cc349f5c7d3964c5dc58de1e5b9e986	2014-08-17 16:50:45 -07:00
David Keeler	3d57f23fab	bug 1040446 - mozilla::pkix: add error code for CA cert used as end-entity cert r=briansmith	2014-08-11 12:35:45 -07:00
Brian Smith	9c4276d25b	Bug 1048070, Part 2: Remove uses of PR_NOT_REACHED and PR_ARRAY_SIZE in mozilla::pkix, r=keeeler --HG-- extra : rebase_source : d373a7526c1048770bed8bacb7e14c8f10e832cb	2014-08-03 18:24:35 -07:00
Brian Smith	3f64294312	Bug 1048070, Part 1: Replace uses of PR_ASSERT in mozilla::pkix, r=keeler --HG-- extra : rebase_source : 3f1dbb4babb6d575bde3088c92aeb6f28d689210	2014-08-02 09:17:59 -07:00
Brian Smith	0ccaf0860c	Bug 1043041: Use mozilla::pkix::Time instead of PRTime, r=keeler --HG-- extra : rebase_source : 2cc39d3c322c1355aad003f2497659a091febac2	2014-08-02 08:49:12 -07:00
Brian Smith	25a73829af	Bug 1041344: Refactor mozilla::pkix::CheckCertificatePolicies, r=cviecco --HG-- extra : rebase_source : d40184b986e9c6ed44c0b39a485292a91f924f13	2014-07-19 18:51:10 -07:00
Brian Smith	d77dac0580	Bug 1041186, Part 2: Rename Input to Reader and InputBuffer to Input, r=keeler --HG-- extra : rebase_source : bf57a9eb6ae5c122912e00a47156010e5ea99478	2014-07-31 12:17:31 -07:00
Brian Smith	ffe743ee06	Bug 1041186, Part 1: Improve buffer overflow protection in mozilla::pkix, r=keeler --HG-- extra : rebase_source : 0f4a33f2c66594930ba9c79233648c70e33ba27c	2014-07-18 22:30:51 -07:00
Brian Smith	5f56fc60d6	Bug 1041343: Use references instead of pointers for TrustLevel output parameters, r=cviecco --HG-- extra : rebase_source : d5c07dc29a95ccb75a7a8f199de26d43950b9ed4	2014-07-20 11:06:26 -07:00
Brian Smith	c45dc156d1	Bug 1039064: Use strongly-typed enum instead of NSPR-style error handling, r=keeler --HG-- extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532	2014-07-18 11:48:49 -07:00
Brian Smith	8483b958ad	Bug 1038837: Factor out mozilla::pkix::Input into a separate header, r=mmc --HG-- rename : security/pkix/lib/pkixder.h => security/pkix/include/pkix/Input.h rename : security/pkix/lib/pkixutil.h => security/pkix/include/pkix/Result.h extra : rebase_source : 09bac0a183932f721cdfd32936595867e4dc26ce	2014-07-13 13:17:36 -07:00
Brian Smith	96c220acca	Bug 1038828: Replace mozilla::pkix::der::Result with uses of mozilla::pkix::Result, r=mmc --HG-- rename : security/pkix/lib/pkixutil.h => security/pkix/include/pkix/Result.h extra : rebase_source : e385af4bab665627aa5d434db04830065cbc641f	2014-07-15 10:33:49 -07:00
Brian Smith	c162caba82	Bug 1036107, Part 1: Stop using CERTSignedData in mozilla::pkix, r=keeler --HG-- extra : rebase_source : 94c49062ae3ddf755651f151e2d648543b10e1ad extra : histedit_source : a7377bf1d9adb62e1c584e2adeb793aa074245fb	2014-07-10 19:00:32 -07:00
Brian Smith	b14f27897b	Bug 1037324: Delegate additional name constraint selection to the TrustDomain in mozilla::pkix, r=cviecco --HG-- extra : rebase_source : 300f33bfb3a0c9ae1525695b080674c1fb21eafc	2014-07-10 22:38:59 -07:00
Brian Smith	94e53dc0be	Bug 1035942: Decide whether to consider end-entity CN as a dnsName in CheckNameConstraints instead of in BuildCertChain, r=cviecco --HG-- extra : rebase_source : 19c5949253e4e631b0bd841f17f000885001b327 extra : histedit_source : dce57eb862a2a13d07d11fdf6917afcf6cb4136c	2014-07-08 13:04:17 -07:00
Brian Smith	3f110246be	Bug 1035009: Stop using CERTCertList in mozilla::pkix, r=keeler --HG-- extra : rebase_source : fc2b39e5e2b44fea365914e83a7d1f2dc9b784bc extra : histedit_source : b40e5e8cb106fe87f6f065b01ca43adb0bf3a605	2014-07-06 15:55:38 -07:00
Camilo Viecco	867a197ca1	Bug `1030204` - 1/2 Name constraint ANSSI(DCISS) Root cert in mozilla::pkix. r=keeler --HG-- extra : rebase_source : 221ca75af601649731bf83cace2e6b0edcd4b2ab	2014-07-08 16:16:26 -07:00
Brian Smith	783ead1861	Bug 1034636: Remove mozilla::pkix::ScopedCERTCertifciate and mozilla::pkix::ScopedPLArenaPool, r=mmc --HG-- extra : rebase_source : 68e6da2f1e1c7fa678ef4cc81d23cc6298709108 extra : histedit_source : feba4c589dbf004ee50e2dea1fca0809f8f97674	2014-07-03 21:49:56 -07:00
Brian Smith	89e560be23	Bug 1029247, Part 2: Parse certificates using mozilla::pkix::der, r=keeler --HG-- extra : rebase_source : e093922497d005734c590a59f175993a7715bce8	2014-07-03 16:59:42 -07:00
Brian Smith	4fdd6599dc	Bug 1032947: Change CheckNameConstraints to construct CERTCertificate instances when needed, r=keeler --HG-- extra : rebase_source : d0bf802f4ff3fe9900ed7444c046617aa27faea9	2014-06-26 14:22:20 -07:00
Brian Smith	fb1fde93b7	Bug 1019770: Use mozilla::pkix::der to decode times and certificate validity period, r=cviecco --HG-- extra : rebase_source : 2b1fa83599c4d0748757b25b56f65e10d41504c8	2014-06-24 21:48:12 -07:00
Wes Kocher	a2eaaf7841	Backed out changeset 5ea9b7bd2db5 (bug 1019770)	2014-07-01 17:43:47 -07:00
Wes Kocher	ea7141a1d8	Backed out changeset f97578949399 (bug 1032947)	2014-07-01 17:43:33 -07:00
Brian Smith	cd8fb3a537	Bug 1032947: Change CheckNameConstraints to construct CERTCertificate instances when needed, r=keeler --HG-- extra : rebase_source : 64bd4c390f708213242e0d4987b7117b0049d02a	2014-06-26 14:22:20 -07:00
Brian Smith	7f7734a4ba	Bug 1019770: Use mozilla::pkix::der to decode times and certificate validity period, r=cviecco --HG-- extra : rebase_source : 05e348b4ae9bb88fdd0895ec5dcec55993ca17c4	2014-06-24 21:48:12 -07:00
Brian Smith	73c952f2fb	Bug 1029364: Centralize version parsing in BackCert::Init, r=cviecco --HG-- extra : rebase_source : 7e91710ed7cd6e68875c2d26f0b503835968e1f2 extra : histedit_source : e07446cad5edbf6cbb048304bc2b2af4395410db	2014-06-25 01:32:06 -07:00

1 2

75 Коммитов